Added code to create Intel AMT setup.bin file.

2025-03-09 15:40:18 +00:00 · 2020-10-26 20:39:04 -07:00 · 2020-10-26 20:39:04 -07:00 · 3561ad8c16
commit 3561ad8c16
parent a5764178c7
4 changed files with 366 additions and 3 deletions
--- a/certoperations.js
+++ b/certoperations.js
@ -164,7 +164,7 @@ module.exports.CertificateOperations = function (parent) {
                acmconfig.certs = orderedCerts;
                acmconfig.key = obj.pki.privateKeyToPem(r.keys[0]);
                acmCerts.push(acmconfig);
-                acmmatch.push({ 'sha256': acmconfig.sha256, 'sha1': acmconfig.sha1, 'cn': acmconfig.cn });
+                acmmatch.push({ sha256: acmconfig.sha256, sha1: acmconfig.sha1, cn: acmconfig.cn });
            }
        }
        amtacmactivation.acmmatch = acmmatch;
@ -180,8 +180,68 @@ module.exports.CertificateOperations = function (parent) {
                amtacmactivation.acmmatch.push({ 'sha256': sha256, 'sha1': sha1, 'cn': '*' });
            }
        }
+    }

-        //console.log(amtacmactivation);
+
+    // Get the setup.bin file
+    obj.GetSetupBinFile = function (amtacmactivation, oldmebxpass, newmebxpass) {
+        // Create a setup.bin file for our own root cert
+        // Get the wiadcard certificate hash
+        var wildcardCertSha256 = null;
+        for (var i = 0; i < amtacmactivation.acmmatch.length; i++) { if (amtacmactivation.acmmatch[i].cn == '*') { wildcardCertSha256 = amtacmactivation.acmmatch[i].sha256; } }
+
+        // Create the Setup.bin stack
+        const AmtSetupBinStack = require('./amt/amt-setupbin')();
+        var setupbin = AmtSetupBinStack.AmtSetupBinCreate(3, 1); // Version 3, 1 = Records will not be consumed.
+        var certRootName = 'MeshCentral';
+
+        // Create a new record
+        var r = {};
+        r.typeIdentifier = 1;
+        r.flags = 1; // Valid, unscrambled record.
+        r.chunkCount = 0;
+        r.headerByteCount = 0;
+        r.number = 0;
+        r.variables = [];
+        setupbin.records.push(r);
+
+        // Create "Current MEBx Password" variable
+        var v = {};
+        v.moduleid = 1;
+        v.varid = 1;
+        v.length = -1;
+        v.value = oldmebxpass;
+        setupbin.records[0].variables.push(v);
+
+        // Create "New MEBx Password" variable
+        v = {};
+        v.moduleid = 1;
+        v.varid = 2;
+        v.length = -1;
+        v.value = newmebxpass;
+        setupbin.records[0].variables.push(v);
+
+        // Create "User Defined Certificate Addition" variable
+        v = {};
+        v.moduleid = 2;
+        v.varid = 8;
+        v.length = -1;
+        v.value = String.fromCharCode(2) + Buffer.from(wildcardCertSha256, 'hex').toString('binary') + String.fromCharCode(certRootName.length) + certRootName; // 2 = SHA256 hash type
+        setupbin.records[0].variables.push(v);
+
+        // Create "PKI DNS Suffix" variable
+        v = {};
+        v.moduleid = 2;
+        v.varid = 3;
+        v.length = -1;
+        v.value = 'meshcentral.com';
+        setupbin.records[0].variables.push(v);
+
+        return AmtSetupBinStack.AmtSetupBinEncode(setupbin);
+
+        // Write the setup.bin file
+        //var bin = AmtSetupBinStack.AmtSetupBinEncode(setupbin);
+        //obj.fs.writeFileSync('c:\\temp\\setup.bin', bin, 'binary');
    }

    // Return the certificate of the remote HTTPS server